Date:      Thu, 16 Apr 1998 23:45:26 -0700 (PDT)
From:      dima@best.net (Dima Ruban)
To:        mph@pobox.com (Matthew Hunt)
Cc:        robert+freebsd@cyrus.watson.org, dima@best.net, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: kernel permissions (part II)
Message-ID:  <199804170645.XAA13015@burka.rdy.com>
In-Reply-To: <19980417015505.15073@mph124.rh.psu.edu> from Matthew Hunt at "Apr 17, 98 01:55:05 am"

Matthew Hunt writes:
> On Fri, Apr 17, 1998 at 01:45:29AM -0400, Robert Watson wrote:
> 
> > Anyhow, if there is sufficient interest in the project, I'd like to try
> > and get it off the ground.  Presumably, some changes might work their way
> > back into the default distribution.  If we lose no significant
> functionality, it cannot hurt to restrict privileges.  It may help us
> > when those unpredicted vulnerabilities do turn up.  
> 
> It sounds to me like a worthwhile project, even though I would be
> unlikely to use it myself.  I do question the idea of making it

It actually depends on what you are using FreeBSD for.
Of course you don't really need it if you use your machine as a desktop,
or in a one/few-user production environment.
(No need to argue, it's just a basic point)

> part of the ports system, because the idea of ports modifying the
> base system seems like a considerable departure from the rest of
> the ports collection.

About having this in ports - I don't think so, and I doubt Satoshi
will disagree with me.

> I can't be persuaded that a world-readable kernel can ever present
> a problem (the real problem would have to be in some other software)

Absolutely. That's why I've called it a "potential problem"

> and Dima is unlikely to be persuaded to my point of view.  I see
> a pattern in my future: "make install", forget to change the perms
> to 444, reboot, kick myself (since I run with securelevel=1), swear
> to remember next time, and repeat the cycle. :-)

:-)
I don't see a good way of adjusting this. That's why I was pointing out that
this change won't break anything.

Speaking about improving security.

How about a change like this (I haven't implemented it yet, but it shouldn't be
a big deal).
Right now we have a mount flag "nosuid". It serves its mission,
but I'd love to have some flexibility on this.
An example is the ISP environment (again :-). You want to allow users to have
programs suid to them, but at the same time you feel bad about having
suid programs for uids less than something (let's say 100).

How about implementing this? Via mount options or something else?
Let's say one wants to allow users to have suid programs if the uid of the suid
program is greater than N and less than M.

How does it sound?


> 
> -- 
> Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon.
> http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.
> 

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804170645.XAA13015>